Today Oracle released its latest version of Solaris technology, the Oracle Solaris 11 Express 2010.11 release. It includes a large number of new features not found in either Oracle Solaris 10 or previous OpenSolaris releases including ZFS encryption and deduplication, network-based packaging and provisioning systems, network virtualization, optimized I/O for NUMA platforms and optimized platform support including support for Intel's latest Nehalem and SPARC T3. In addition, Oracle Solaris 10 support is available from within a container/zone so migration of existing systems is greatly simplified. The release is available under a variety of licenses including a supported commercial license on a wide variety of x86 and SPARC platforms.

I see ZFS crypto is part of the release. Oracle very cleverly held off integration until the build after they pull down the firewall curtain (b148). The code for ZFS crypto as a result won't come out until the full Solaris 11 release is out (2011). Stops people like Nexenta from competing with Oracle/Sun storage boxes.

Opensolaris had gotten support for the onboard AES encryption in recent Intel chips (Nehalem die-shrink: Westmere) so if you have a laptop with one of the newer i5/i7 you'll get better performance for ZFS crypto if using AES.

Darren Moffat has two good blog posts up about ZFS-Crypto (he was project lead). Obviously posted them to tie in with this release. http://blogs.sun.com/darren/

Agreed. And for me, I really want be able to encrypt a disk partition. ZFS crypto is a /big/ feature.

ZFS crypto will not help with encrypting a single disk partition, as it works at the filesystem layer, not the disk layer. Unless you are going to make a pool using just that one partition, but then you lose all the benefits of running ZFS as you have 0 redundancy.

There are other options to encryption, even with ZFS; at least in the FreeBSD world, thanks to GEOM. Use geli(4) to create encrypted GEOM providers, then build your ZFS pool out of those providers. Voila! Encrypted ZFS pool. Sure, it's pool-level and not ZFS filesystem level, but it's still encrypted.